Creating ACI fabric connectors
With FortiManager, you can create a fabric connector for Application Centric Infrastructure (ACI), and then import address names from ACI to automatically create dynamic objects that you can use in policies. When you install the policies to one or more FortiGate units, FortiGate uses the information to communicate either with the Fortinet SDN Connector or directly with ACI and dynamically populate the objects with IP addresses.
The Cisco ACI fabric connector supports IPv4 and IPv6 addresses. |
When you create a fabric connector for ACI, you are specifying how FortiGate can communicate with ACI.
Requirements:
- FortiGate is managed by FortiManager.
- The managed FortiGate unit is configured to work with Application Centric Infrastructure (ACI).
To create a fabric connector object for ACI:
- Go to Fabric View > External Connectors, and click Create New. The Create New Fabric Connector wizard is displayed.
- Under Private SDN, select Application Centric Infrastructure. The Application Centric Infrastructure screen is displayed.
- Configure the following options, and click OK:
Type
Displays Application Centric Infrastructure (ACI).
Name
Type a name for the fabric connector object.
Status
Toggle On to enable the fabric connector object. Toggle OFF to disable the fabric connector object.
ACI Type
Select the FortiSDN Connector or Direct Connection.
IP
Type the IP address.
Port
Identify the port used for Fortinet SDN Connector.
Perform one of the following options:
- Click Use Default to use the default port.
- Click Specify and type the port number.
User Name
Type the user name for Fortinet SDN Connector.
Password
Type the password for Fortinet SDN Connector.
- Click OK to save the connector.
To complete the fabric connector setup:
- Import address names or manually create the dynamic firewall address for the SDN connector. See Importing address names to fabric connectors and Configuring dynamic firewall addresses for fabric connectors.
You can import SDN objects by filter or by endpoint group (EPG). - In the policy package in which you will be creating the new policy, create a firewall policy and include the dynamic firewall address objects for the SDN connector. See Create a new firewall policy.
- Install the policy package to FortiGate. See Install a policy package.
FortiGate communicates with the SDN to dynamically populate the firewall address objects with IP addresses.